Ohio Cybersecurity Bill Gains Momentum

Ohio Attorney General Mike DeWine has signaled his continuing support for a new Ohio law that would promote industrywide cybersecurity protections for consumers. Senate Bill (SB) 220, the Data Protection Act, encourages businesses to voluntarily adopt cybersecurity controls and best practices to protect consumer data.

The Data Protection Act provides businesses ten suggested cybersecurity frameworks based on industry-recognized programs. These frameworks are derived from existing federal laws, such as the Health Insurance Portability and Accountability Act, as well as reports by third-parties such as the National Institute of Technology and Science. While participation is optional, businesses that implement one of these frameworks will be entitled to a legal safe harbor in the event of a data breach lawsuit alleging the company failed to implement reasonable information security controls.

The Data Protection Act is the first piece of legislation being introduced as a result of Attorney General DeWine’s CyberOhio Initiative. CyberOhio was launched in 2016 as a state-sponsored forum to promote collaborative talks on cybersecurity initiatives between industry professionals and the government.

SB 220 has passed the Senate and is currently scheduled to go before the Ohio House of Representatives for further consideration. Amid mounting concerns relating to consumer privacy and data protection, the Bill will likely receive extensive discussion but avoid strong opposition preventing its passage. New York’s SHIELD law, which provides a similar safe harbor for entities in certified compliance with one of several preordained cybersecurity frameworks, has enjoyed legislative support across both sides of the aisle and may prove instructive on what can be expected with Ohio’s Data Protection Act.

Be sure sure to follow M&S Compliance Now as we continue to monitor and share the latest developments and potential impact of SB 220 on organizations conducting businesses with Ohio consumers.

Sandy Lynskey

May 23, 2018

More On Compliance Now

Jul 27, 2018

Payday Lender Settles Misleading Loan Disclosure Allegations

Josh Stevens

The Bureau of Consumer Financial Protection (BCFP) has settled with Triton Management Group, Inc. (Triton), a small dollar lender operating under the names “Always Money” and “Quik Pawn Shop.” Triton offers high-cost, short-term loans including payday, auto title pledge, and installment loans primarily to consumers for personal, family, or household purposes. The Consent Order alleges [...]

Jul 13, 2018

California Enacts Sweeping Data Privacy Law

Nick Whisler

California recently passed a privacy law requiring businesses to provide greater transparency into their data practices and giving consumers more control over their personal information. The California Consumer Privacy Act of 2018 (CCPA) raced its way through the state legislature without opposition to avoid a November ballot initiative, which was widely viewed as more onerous [...]

Jul 05, 2018

Vermont Tightens its Grip on Automatic Renewal Contracts

Josh Stevens

Most states have laws regulating “automatic renewal contracts” (ARC), but Vermont’s new House Bill 593 is one of the strictest. The Act, which updates Vermont’s current ARC laws, became law on May 28, 2018. The new regulatory requirements will take effect on July 1, 2019 and are aimed at protecting consumers from deceptive business practices. [...]